Re: No more Bugzilla for me

On Wed, Apr 22, 2009 at 08:58:27AM +0200, Ralf Corsepius wrote:
> Jesse Keating wrote:
>> On Wed, 2009-04-22 at 14:31 +1000, Rodd Clarkson wrote:
>>> Ah, I'm a little confused.
>>>
>>> All that was requested was a change of password.  This doesn't stop Joe
>>> Public from signing up and accessing bugzilla, and presumably doesn't
>>> stop Joe from viewing leaky NDA's.
>>>
>>> All it seems to do is make me have to change a password.
>>>
>>> Surely if there are leaks using the old password, then there's still
>>> leaks with my new password (which is actually my old password since I
>>> went back in and changed it back).
>>
>> There is a theory that changing passwords on a regular basis lessens the
>> risk of somebody's password being stolen and used nefariously.
> There are studies, which state to counterprove such statements (Sorry,
> no reference at hand).
>
> They claim the key to password security is to use strong passwords,
> while frequently changing passwords only causes users to reuse the same
> or variations of the weak passwords they already used elsewhere.

Enforcing frequent unique password changes results in users writing
their passwords down and storing them on their monitors, under their
keyboards, etc :)

That or a frequent need for password resets.

Ray

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
